Posted!

Join the Conversation

AOL says it's investigating security breach

Nancy Blair, USATODAY
4:37 a.m. EDT April 29, 2014

A collection of CD's containing promotional software for AOL's internet service is shown Wednesday, July 19, 2006 in New York. Stepping up the chase for online advertising dollars, AOL will give away e-mail accounts and software now available only to its paying customers in a strategy shift likely to accelerate the decline in its core Internet access business. The decision, announced Wednesday Aug. 2, 2006 by AOL parent Time Warner Inc., removes the few remaining reasons for AOL subscribers to keep paying when they already have high-speed Internet access through a cable or phone company. (AP Photo/Mark Lennihan) ORG XMIT: NY118(Photo: MARK LENNIHAN AP)

SAN FRANCISCO (USATODAY.com) — AOL on Monday said it is investigating a security breach related to a spike in spoofed emails from AOL user accounts.

The company confirmed that there has been unauthorized access to a "significant number" of accounts.

Information that may have been exposed included AOL user email addresses, postal addresses, contact information, encrypted passwords and encrypted answers to security questions that AOL asks when a user resets a password, along with some employee information.

AOL said it believes spammers used the information to send spoofed email that appeared to come from about 2% of AOL email accounts.

Spoofing is a tactic spammers use to make it appear that a message is from someone familiar, in order to trick the recipient into opening it. The emails do not originate from the sender's email; the addresses are just edited to make them appear that way.

AOL's investigation is still under way.

The company said there is no indication that the encryption on the passwords or answers to security questions was broken.

As a precaution, it encourages users to reset passwords for any AOL service. It also encourages you to change the security question and answer related to a particular account.

The spoofed email issue first bubbled up about a week ago, when AOL email users took to Twitter to complain about the problem.